Subscribe to this blog

Follow by Email

Security: Scam Involving the "assoc" Command on Windows

Today I received a call from a Mark Atkison. He claims to be with Windows Technical Services, located in (or on) Brainbridge Island, Washington. Phone number 206-201-2413

Mark claims for the last two weeks my computer has been downloading online infections, junk files and miscellaneous viruses. I asked him about my “online ID number” Mark said my “customer license Security Identification number is: 888DCA60-FC0A-11CF-8F0F-[deleted]“. Mark said I could verify this by pressing the Windows key and r at the same time.... That would open a “run box” When the run box opens I was to type ASSOC. When I hit the Windows key + r, I saw a box open with “cmd”... which I figured stands for “command”. If I remember correctly, I erased the “cmd”. I was to type ASSOC. When I did, I saw something come up with “exe”. By the way, when I typed in ASSOC, I would not hit enter. I thought this might be some kink of scam or bull shit. I told Mark I was going to contact my son who is a high end programmer. Mark said I could call him back at the number listed above and refer to, “Docket number Yash 120695”. Mark told me they will show me the error and warning reports they have been receiving from my computer or lap top operating system.

This evening, I looked up Brainbridge Island, Washington... I found there was no Braindridge Island, Washington. There was however a Bainbridge Island, Washington (no “r”). Did I make a mistake? I'm not so sure I did. I had him spell out everything. I did a Google search for the phone number he gave me.... I found the following:

Match Found! We found phone number (206)201-2413

See Full Results

Received a call from (206)201-2413? View the comments below or add a comment of your own for 2062012413. Remember to not reveal personal information. Tell us about 206-201-2413. What time did they call and what was the call about?

Anonymous Monday, 19 May, 2014 15:19
Yes this is a scam call, beware do NOT install anything on your computer. They will records all your personal info

I think my instincts were good and your assessments were right on. Needless to say, I will not be calling Mark.

Best wishes to you and yours,
Dad

Apparently, the assoc command in Windows can be used to change file associations. The attacker could use this to convince you to treat .txt files as .exe files. Then, he could give you an executable that has a .txt extension. You would think it was safe, but when you opened it, it would run the executable, thereby taking over your computer.

At least, that's what I think is going on. I'm not 100% sure. It kind of seems like a like of work for the attacker since it involves him calling people manually.

Comments

My dad received a similar call a few months ago posing as Windows Tech Support. Unfortunately, he wasn't as suspicious and allowed them to remote control the PC to do a tune-up. They then wanted to charge him $99 for a complete tune-up, virus removal, etc., at which he balked and hung up. I think and hope the scam is just getting you to spend money for services you don't need.

I received this exact type of call earlier today. Caller, Mack or Max, insisted I get on my computer so he could help me but I told him I couldn't access my computer at that time and that I would call him back so he gave me the number 206-201-2413 which I looked up and that led me to this site/comments. He said he would call me back. I felt like this was probably a scam or hacker so I'll be ready to blast him when he calls back!

I just got off the phone with a different rep who guided me into the command prompt. I typed in assoc and hit enter then he used a number on there to 'prove' that he could verify my 'unique' ID # to give credibility to his call. I knew right away this was a scam from previous experience but I love dragging them on a bit and then telling them they are full of it. After he rattled off my # I asked him why, after searching google for 'windows technician' does every listing say that you are a scam. He then called me a mother..... and hung up! That's the way you've got to treat a scammer!

I just got off the phone with a caller who claims the same. This time it's a woman with an Indian accent. I could hear a lot of activity in the background which means they are busy scamming people, so beware. I led her on, as I was confident from the beginning she is a scammer and that I don't have problems with my computer. I asked her how she determined my computer is having problems and how was she able to match my computer ID with my phone number. She said Microsoft provided her with all that and that she is a Microsoft certified technician. My phone is unlisted and Microsoft would not have a way of getting it, I told her trying to corner her. She read her script again and that she is there to help. So I asked her for my computer ID and that I will verify if that is correct. I checked my computer ID while she was talking but all she did was asked me to run the "CMD" on the window that popped up after supposedly typing CTRL R. She then told me to type "assoc" on the black window that pops up. At this point I told her to give me her phone number so I could call her back and that I will make the determination myself if my computer is having problems like she said. It was then that she hang up. Their phone number is from Texas 1 806 611-6600. Obviously with the phone services like Magic Jack, you can purchase a phone from a state in the US and mail the phone anywhere in the world and use it, so the people that get their calls would think they are calling from here in the US.

I had had some fun with a woman with an Indian accent about a year ago, getting her as far as transferring me to a manager because I insisted that THEY tell ME my computer's ID, if they really had been able to see that it had viruses. (I was in a mean mood, a close friend having been scammed that way into giving her credit card number.) The new lady took the bait and gave me an ID for my computer that consisted of around 37 digits and letters (and every time there was an S or F, or a V or D or B, I "confirmed" by asking if it were the other letter. I hung on till the end, writing it all down, and then said I would check the ID myself and if the number they gave me was right, I would trust them if they called again. They didn't! To give them credit, neither lady got ruffled when I kept playing dumb and had to be instructed over and over.

This morning's caller was quite different. From the outset, he was breathing heavily after each sentence as if nervous. As the call progressed, he frequently adopted an angry or bullying tone and avoided giving real answers to questions. He claimed to be with a Windows Tech. support company "certified by Microsoft," and when I said I had heard that 'hackers do things like what he was doing to get access to people's computers,' oh, was he indignant, going on and on about how 'hackers would never call people in order to help them.' It was hard not to laugh.

When I insisted on his giving me my computer's ID number before I would look it up, he hesitated and said he would call me back. I said, "I doubt it, because you're a scammer," but he must not have heard me because he did phone again about 15 minutes later. (When I later checked it, the number he gave me was the one that I guess most--or many Windows PCs have near the bottom of the list in the event viewer, which I had declined to bring up, on the grounds that I was afraid to hit enter after typing "assoc.")

But now, before I agreed to bring up the event viewer, I insisted on one last test: checking his credentials by using his name or the name or number of his company by which Microsoft would recognize them, if they were really certified by MS. Asked for his name or his company's ID, he evaded by saying I could find Microsoft's number and call them, but he wouldn't give me anything on his company. Of course, I knew that he would give up on me if it reached the point where I checked on him with Microsoft.

Hopefully, he was young and not in danger of having a stroke, because during our two conversations, he seemed always teetering on the brink of rage, sometimes already over the edge and unable to hold it down. I was tempted to tell him that a good scammer had to know how to keep his cool, but I didn't. Why help him to develop his skill to scam someone else?

Thanks for tying this blog. I had a similar experience today. And it rubbed me the wrong way so I started looking some things up. I told the caller , I felt the instructions he gave me were questionable. He laughed and said "uh-huh" and then after a moment continued to try and have me visit a site named microsoftaios.com. When I wouldn't go there he told me to go type Supremo into google and download that, which is an application that allows for remote control of a computer from a different location. I told him I appreciated his time and that the call was over, I didn't need his services.

This scam has been running since at least 2011, and they're still trying to do it. Like a lot of computer crime, it's a con game. They're not hackers, they're pretending to be something they're not, and they don't even have to be all that smart.

3rd May 2017

They say they're getting all this information about problems with your machine, but they refuse to tell you anything about your machine. No IP address, never telling you anything about which version of Windows you might be using, not even half-way plausible info. And if their instructions don't work, all they can say is do the same thing again.

Odd how I never mentioned that I am running Linux. How careless of me.